iTunes U security and privacy overview

Apple takes data security and the privacy of personal information very seriously. iTunes U is built with industry-standard security practices and employs strict policies to protect user data.

This article explains how iTunes U keeps course information and data secure. In addition to this article, you should also review Apple’s Privacy Policy.

Data security

iTunes U secures homework hand-ins, private discussions, and grades. It encrypts data sent over the Internet, stores it in an encrypted format when kept on a server, and uses secure tokens for authentication. This means that user data is protected from unauthorized access when it's being transmitted and when it's stored on our servers. iTunes U uses a minimum of 128-bit AES encryption—the same level of security employed by major financial institutions.

Ownership of data stored in iTunes U

The institution, instructor, or student owns any data they provide and remains in control of it at all times. Apple’s only role is to process homework, grades, and other information provided in the course of using the service.

How long iTunes U keeps data

iTunes U maintains data as long as the course or collection exists. When a course or collection is deleted, all information associated with it will be deleted. Users will still have access to any local information on their devices.

How Apple deletes data

When an instructor removes a student from a course, Apple deletes all student-created course materials, discussions, and private discussions between the student and instructor from our systems.

Authentication with secure tokens

When users access iTunes U from the iTunes U app, secure tokens eliminate the need to store passwords on devices and computers. When accessing iTunes U from a web browser, usernames and passwords are sent over an encrypted TLS connection.

Strong passwords

Apple IDs used with iTunes U must have passwords with a minimum of 8 characters, including a number, an uppercase letter, and a lowercase letter. Using a strong password is the most important thing users can do to help keep their data secure. Learn more about creating a strong password.

Privacy

Apple has a company-wide commitment to privacy. The Apple Privacy Policy covers how we collect, use, disclose, transfer, and store user information. In addition to adhering to this policy, iTunes U has these privacy features:

iTunes U data is stored in a separate database from other types of iTunes data.

Access to user and instructor data is limited to Apple personnel who require such access to support the service.

Immediate deletion upon request

When a user requests that iTunes U data be deleted, the data is deleted immediately. Users will still have access to iTunes U information stored locally on their devices.

Meeting schools' privacy obligations

iTunes U also helps schools meet their privacy obligations to students under the age of 18. Apple never uses student information for marketing or targeted advertising, we never sell student information, and we never share student information with third parties.

Student Privacy Pledge

Apple has signed the Student Privacy Pledge, further underscoring our commitment to protecting the information students, parents, and teachers share in schools.

Compliance

International Data Transfers

Apple, as a global company, has a number of legal entities in different jurisdictions which are responsible for the personal information which they collect and which is processed on their behalf by Apple Inc. Apple uses approved Model Contractual Clauses for the international transfer of personal information collected in the European Economic Area and Switzerland. Apple abides by the Asia-Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System. The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies.

Law enforcement

Apple will not disclose iTunes U data to law enforcement unless required by law. If law enforcement contacts Apple for access to iTunes U data, Apple will attempt to redirect the law enforcement agency to request that information directly from the institution, instructor, or student associated with the request. If law enforcement compels Apple to disclose iTunes U data, Apple will promptly notify the impacted user and provide a copy of the order unless prohibited by law from doing so.

Third parties

If Apple receives a request for iTunes U data from a third party (for example, requests for student records), Apple will promptly notify the institution, instructor, or student, unless prohibited by law. If Apple isn't required by law to disclose iTunes U data, Apple will reject the request.

If the request is valid and Apple could be compelled to disclose the requested information, Apple will attempt to redirect the third party to obtain the information directly from the institution, instructor, or student associated with the request. In support of this effort, Apple may provide basic contact information to the third party.